Collision analysis (FTA method) occurs due to abnormal guidance control function
Nanjing ASRock Transportation Technology Co., Ltd
20 11/19/24
|
|
|
| ||
| ||
| ||
| ||
| ||
|
| |||
|
|
|
|
V1.0 | 11.19 |
|
|
Table of Contents
1. Purpose and scope of the document5
2. Refer to Documentation and Standard 5
3. Terms and abbreviations5
4. System Description6
5. Allocation Principle 7
6. Reliability is expected 8
6.1. Reliability Objective 8
6.2. Evaluation methodology8
6.3. Reliability model 8
7. Maintainability analysis 9
7.1. Fault and maintenance strategy definition9
7.2. MTBF Prediction 9
7.3. Preventive maintenance analysis9
7.4. Corrective maintenance analysis and MTTR prediction10
8. Safety function description11
9. Fault Tree Analysis FTA12
9.1. Top event definition12
9.2. Modeling12
9.3. Analytical calculations17
10. Summary 20
Purpose and scope of the document
This article is an analysis report on the hardware reliability, availability, and maintainability of the guidance system. The main purpose is to calculate the RAM index of the system through RAM analysis, and at the same time discuss in detail the definition and description of the dangerous events that may be caused by the guidance system, establish the fault tree model of the system, and calculate the probability of the occurrence of the top event and the intermediate event in combination with the parameters and conditions required for the calculation, and finally give the analysis results in the form of a table.
Reference documents and standards
This document will reference or reference the following documents. If there is an updated version of the referenced document of the specified version, and the content of the new version does not conflict with the existing version, the existing version shall prevail, otherwise the higher version of the referenced document will not be applicable to this document and needs to be revised again; If no version is specified for the referenced document, the most recent version of the document will prevail.
Table 1 Reference documents and standards
|
|
|
|
1 | PM20630171101 |
| V1.0 |
2 | EN 50126 | Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) | 2017 |
3 | EN 50129 | Railway applications - Communications, signalling and processing systems -Safety related electronic systems for signalling | 2018 |
Terms and abbreviations
Table 2 Terms and abbreviations
|
|
MTBF |
|
MTTF |
|
MTTR |
|
RAM |
|
System Description
The guidance system is one of the core systems of rubber-tyred vehicles, which is divided into three subsystems, namely the coordination control subsystem, the steering execution subsystem and the driving assistance subsystem. The coordination control subsystem is responsible for obtaining external sensor data, and after the vehicle model is solved, the vehicle steering command is obtained. The steering execution subsystem is responsible for sending the vehicle steering command to the servo motor for execution, and at the same time accepts the current corner position of the servo motor; The driver assistance subsystem communicates with other systems and provides functions such as obstacle avoidance.
Relying on the external angle and attitude sensor, the vehicle carries out lateral coordination and follow-up control of each axis, so that each axle travels through the same road trajectory, and the system can realize the stable lateral control of low-speed curve steering and high-speed straight driving of 3-group vehicles. The relevant topology diagrams are shown in Figures 1 and 2.
Figure 1 Network topology
Figure 2 CAN bus topology
Allocation principle
Subsystems and components with high complexity are assigned lower reliability indicators;
Technically immature subsystems and components are assigned lower reliability indicators;
Subsystems and components with harsh working environments are assigned lower reliability indicators;
Long-term operation of subsystems and components, assigned a lower reliability index;
Subsystems and components with high importance are assigned high reliability indicators.
The failure rates listed in the report are based on experience, and their values are only used as reference requirements for this design, not as an evaluation index for the design.
Reliability projections
The reliability of product tasks is based on the reliability of each basic component of the product and the logical relationship between them to analyze the reliability of the product in the work. Reliability analysis and calculation are carried out in combination with reliability prediction to determine whether the product meets the specified reliability requirements.
The working environment temperature of the system is set to -25°C~+45°C, the altitude is ≤1200 m, and the maximum relative humidity is not more than 90%. In the model, the unit of failure rate is failure per hour, and the failure of each component obeys an exponential distribution.
Reliability objectives
According to the principles of quality assurance and reliability allocation, the reliability objectives assigned to the guidance system are:
Mean time between failures: ≥15,000 hours
Evaluation methodology
The reliability of the guidance system is evaluated by the mean failure rate (λ). The average failure rate is the ratio of the number of failures of the relevant equipment of the guidance system to the cumulative kilometers traveled or the working time in the statistical kilometers and time. It is calculated as follows:
Nf - the total number of failures of all equipment and equipment of the guidance system in the counted kilometers or time
∑t – cumulative kilometers traveled or time
Reliability model
The reliability model is an expression of the logical relationship between product reliability, which is used to quantitatively allocate, predict and evaluate the reliability of products.
Assuming that the lifetime of each fraction follows an exponential distribution, there are:
Namely:
Serviceability analysis
Fault and repair strategy definition
Faults in the hardware components of the guidance system are defined as follows:
Fault: Refers to the failure of the hardware components of the guidance system to perform the corresponding function due to the failure.
In response to the failure of the hardware components of the guidance system, the maintenance strategy adopted is as follows:
Maintenance: Refers to the maintenance of the hardware components of the guidance system after the corresponding functions fail.
MTBF Predictions
Table 3 MTBF projections
| ||
|
| MTBF(h) |
| 3.1E-07 | 84675 |
CANHUB | 9.1E-07 | 99206 |
| 3.2E-07 | 31595 |
| 7.8E-07 | 22530 |
| 3.8E-07 | 38554 |
| 5.0E-07 | 29217 |
| 1.6E-07 | 86152 |
| 0 | 0 |
Preventive maintenance analysis
Table 4 Preventive maintenance analysis
|
|
|
|
|
|
|
|
| 5 | 无 | 无 |
|
|
|
| 2 | 无 | 无 |
|
|
|
| |||||
|
| 2 | 无 | 无 |
|
|
|
| 5 |
|
|
|
|
| ||||||
|
| |||||
|
|
|
| |||
|
| 5 | 无 | 无 |
|
|
|
|
Corrective maintenance analysis and MTTR prediction
Table 5 Corrective maintenance analysis
|
|
|
|
| MTBF |
|
|
| 2950 | 3.1E-07 | 84675 |
CANHUB |
|
| 777 | 9.1E-07 | 99206 |
|
|
| 6350 | 3.2E-07 | 31595 |
|
|
| 216 | 7.8E-07 | 22530 |
|
| 575 | 3.8E-07 | 38554 | |
|
|
| 2178 | 5.0E-07 | 29217 |
|
|
| 4136/2195 | 1.6E-07 | 86152 |
| / |
| 4993/5124 | 0 | 0 |
Average repair time (unit/h):
In summary, it is concluded that the MTTR of the guidance system is 3 hours (from the time the maintenance personnel start to contact the faulty equipment to the equipment recovery).
Description of the safety features
The safety features of this system are:
low-speed coordinated follow-the-steering control function;
High-speed linear stable steering control function;
Tracking control function.
Fault tree analysis FTA
This analysis does not consider software failures, systematic failures of humans in the development process, and only random failures. The boundaries of this analysis are the system boundaries defined in the system requirements, and the devices outside the boundaries are not in the modeling scope of this fault tree.
Top event definition
According to the relevant functions of the guidance system, one top event is defined: the vehicle is out of bounds due to abnormal steering of the guidance system; There are 3 intermediate events: low-speed coordinated follow-up steering control abnormality, high-speed linear stable steering control abnormality, and tracking control abnormality.
Modeling
Top event failure tree
The steering system steering abnormally causes the vehicle to go out of bounds, and the fault tree is shown in Figure 3.
Fig.3. Fault tree of the vehicle out of bounds due to abnormal steering of the guidance system
Intermediate events
The low-speed coordinated follow-up steering control abnormal fault tree is shown in Figure 4.
Fig.4. Low-speed coordinated follow-up steering control anomaly fault tree
The abnormal fault tree of high-speed linear stable steering control is shown in Figure 5.
Fig.5. Abnormal fault tree of high-speed linear stable steering control
The fault tree of the tracking control anomaly is shown in Figure 6.
Figure 6 Fault tree of tracking control exceptions
Bottom event failure tree
The steering equipment fault tree is shown in Figure 7.
Figure 7 Steering equipment fault tree
The guided control fault tree is shown in Figure 8.
Figure 8 Guided control fault tree
The loss or inaccuracy of the zero adjustment function is shown in Figure 9.
Fig.9. Loss of function or inaccurate fault tree of zero adjustment
The loss or inaccuracy of the 3-8 axis linear stabilization function is shown in Figure 10.
Figure 10 Loss or inaccuracy of linear stabilization function in 3-8 axes
The 3-8 axle train loses its steering ability or turns too large and the fault tree is shown in Figure 11.
Fig.11 Fault tree of 3-8 axle train with loss of steering capability or over-steering
The fault alarm function is lost, and the fault tree is shown in Figure 12.
Figure 12 Fault tree of loss of fault alarm function
Analytical calculations
A description of each bottom event is shown in Table 6.
Table 6 Description of events at the end
|
|
|
|
| 1E-09 |
|
| 1.1E-08 |
|
| 1E-08 |
|
| 2.4E-08 |
|
| 2.3E-08 |
|
| 2.2E-08 |
|
| 2.5E-08 |
|
| 2.0E-08 |
|
| 1.7E-08 |
|
| 2.9E-08 |
|
| 1.2E-08 |
|
| 1.8E-08 |
|
| 2.4E-08 |
The descriptions of the various intermediate events are shown in Table 7.
Table 7 Intermediate events
|
|
|
|
| 5.3E-07 |
|
| 4.8E-07 |
|
| 6.9E-07 |
Top event: Steering system steering abnormally causes the vehicle to go out of bounds.
THE INTERMEDIATE EVENTS UNDER THE LOGIC GATE OF THE TOP EVENT EVENT1 ARE EVENT2, EVENT3, AND EVENT4.
THE INTERMEDIATE EVENTS UNDER THE LOGIC GATE EVENT2 ARE EVENT5, EVENT6, EVENT7, EVENT8, AND EVENT9.
EVENT2= EVENT5+EVENT6+EVENT7+EVENT8+EVENT9
=5.3E-07
THE INTERMEDIATE EVENTS UNDER THE LOGIC GATE EVENT3 ARE EVENT5, EVENT6, EVENT7, EVENT8, EVENT9, AND EVENT10.
EVENT3= EVENT5+EVENT6+EVENT7+EVENT8+EVENT9+EVENT10
=4.8E-07
THE INTERMEDIATE EVENTS UNDER THE LOGIC GATE OF EVENT4 ARE EVENT5, EVENT6, AND EVENT9.
EVENT4= EVENT5+EVENT6+EVENT9
=6.9E-07
THE BOTTOM EVENTS UNDER THE LOGIC GATE OF EVENT5 ARE EVENT11, EVENT13, EVENT14, EVENT16, EVENT17, AND EVENT18.
EVENT5= EVENT11+EVENT13+EVENT14+EVENT16+EVENT17+EVENT18
=8.1E-07
THE BOTTOM EVENTS UNDER THE LOGIC GATE OF EVENT6 ARE EVENT20, EVENT22, EVENT23, AND EVENT24.
EVENT6= EVENT20+EVENT22+EVENT23+EVENT24
=5.2E-07
THE BOTTOM EVENT UNDER THE LOGIC GATE OF EVENT7 IS EVENT20.
EVENT7= EVENT20
=4.8E-07
The bottom event under the intermediate event EVENT27 logical gate is EVENT27.
EVENT27= EVENT27
=7.4E-07
THE BOTTOM EVENTS UNDER THE LOGIC GATE OF EVENT8 ARE EVENT22, EVENT23, EVENT25.
EVENT8= EVENT22+EVENT23+EVENT25
=6.5E-07
The bottom events under the intermediate event EVENT28 logical gate are EVENT29 and EVENT30.
EVENT28= EVENT29+EVENT30
=2.9E-07
Top Event:
EVENT1= EVENT2+EVENT3+EVENT4
=2.5E-07
summary
According to the self-proof calculation, the THR (Tolerable hazard rate per hour) of 2.5E-7 is 2.5E-7 due to the abnormal steering control function, which is located in the range of 10^-7 to 10^-6, and according to the EN50126 and EN50129 standards, the steering and steering system meets the SIL2 safety function level.